The Nigeria Police Force’s National Cybercrime Centre (NPF-NCCC), in collaboration with the United States’ Federal Bureau of Investigation (FBI) and the US Secret Service, has arrested three suspected internet fraudsters in Lagos and Edo states.

The arrests followed intelligence linking the suspects to sophisticated phishing attacks targeting the email systems of major corporate organisations, mostly in Nigeria.

In a statement released on Thursday, the Force Public Relations Officer, CSP Benjamin Hundeyin, said the suspects allegedly deployed phishing links and malicious software to gain unauthorised access to Microsoft 365 accounts.

According to the statement, the operation was triggered by actionable intelligence from Microsoft Corporation and the FBI, which exposed the use of an advanced phishing toolkit known as RaccoonO365.

Hundeyin explained that the toolkit was designed to generate fake Microsoft login portals, enabling the theft of user credentials and unauthorised access to corporate, financial, and educational email platforms.

Investigations traced multiple cases of unauthorised Microsoft 365 account access between January and September 2025 to phishing emails that closely mimicked legitimate Microsoft authentication pages. The breaches reportedly resulted in business email compromise, data leaks, and financial losses across several jurisdictions.

“Consequently, the NPF-NCCC initiated a coordinated, intelligence-driven operation in collaboration with Microsoft, the FBI, and the United States Secret Service,” Hundeyin said.

Operatives were subsequently deployed to Lagos and Edo states, where three suspects were arrested. Searches conducted at their residences led to the recovery of laptops, mobile phones, and other digital devices, which forensic analysis linked to the fraudulent scheme.

Further investigations identified Okitipi Samuel, also known as RaccoonO365 and Moses Felix, as the principal suspect and developer of the phishing infrastructure.

Police said he allegedly operated a Telegram channel through which phishing links were sold for cryptocurrency and hosted fake login portals on Cloudflare using stolen or fraudulently obtained email credentials.

However, investigators noted that there was no evidence linking the two other suspects to the creation or management of the phishing infrastructure.

The Nigeria Police Force reaffirmed its commitment to protecting the country’s digital space through advanced technology, strong international partnerships, and sustained investigative and prosecutorial efforts against emerging cyber threats.